New fake profiles on LinkedIn are being used to entice users to a bogus recruiter.
According to research by BitDefender, the faux recruiter is named ‘Annabella Erica’ and her profile contains a link which has been featured on a number of legitimate LinkedIn groups, including the 167,000-strong Global Jobs Network.
BitDefender told PCR that some of the websites that ‘Annabella’ links through to include malware-ridden code that attempts to harvest the personal data of unsuspecting users. The news follows research by Websense which detected a profile belonging to “Jessica Reinsch” that “views” profiles and is apparently based in Switzerland.
The profile contains links to a dating site. Websense said that at the time of writing no malicious code existed on the dating site, but that its telemetry revealed that other domains on the same IP have been known to host suspicious code such as blackhat SEO.
Security blogger Graham Cluley said that this is not a big deal, as so many people are looking to connect, but that if they posted a malicious link then that is a different matter. He told IT Security Guru that LinkedIn would be better served in scanning profiles and traffic for malicious links as “the more choice they want to give the user, the more proactive they need to be”.
“What would be great is if LinkedIn was a lot more proactive in finding where links took you rather than trying to get in the middle of your email with Intro,” he said.
Jason Brvenik, vice president of security strategy at Cisco, said: “LinkedIn makes it infinitely easier to map out connections, but I am not surprised that this is more of a target than social sites as this is where the professionals are, so where the money is.
“I do think all social networking sites can do more, but it is like security with the cat and mouse game – one side is always going to get ahead for a bit.”